Authentication Guide

Institutional Subscriptions to the Visual Thesaurus Online Edition have multiple ways of providing licensed users convenient access to the product. This document briefly describes the different methods of authentication that we offer, and their requirements:

  1. Server Referrer Key Authentication:

    With this authentication method, users access the Visual Thesaurus by simply clicking a link placed on any webpage within an Institution's website. The link points to a server-side active webpage running on the Institution's server which contains a key specifically created for the server's IP address.

    Requirements:

    1. The referrer key webpage can only be linked from the Institution's website.
    2. Only licensed users should have access to the referrer key webpage. In addition, the referrer key webpage can not be publicly accessible via the Internet without some other secure form of authentication currently employed by the Institution.
    3. The server-side webpage can be provided in PHP, JSP, ColdFusion, Perl CGI, or ASP form.
  2. Client Referrer Key Authentication:
    With this authentication method, users access the Visual Thesaurus by simply clicking a link placed on any webpage within an Institution's website. The link contains a key that will only work from the URL in which the link is embedded.

    Requirements:

    1. The referrer key webpage can only be linked from the Institution's website.
    2. Only licensed users should have access to the referrer key webpage. In addition, the referrer key webpage can not be publicly accessible via the Internet without some other secure form of authentication currently employed by the Institution.
    3. The URL of the page containing the link must be provided to us beforehand and match exactly the referrer header sent by your licensed users' browser.
  3. Embedded Client Referrer Authentication:
    This authentication method provides an embeddable solution for Visual Thesaurus access based on the URL of a webpage on the Institution's website. Users access the Visual Thesaurus by entering a word into a search box which is embedded on any webpage within an Institution's website. However, this authentication method does not provide access to the editorial content contained on the Visual Thesaurus subscriber website.

    Requirements:

    1. The webpage containing the embedded search box can not be publicly accessible via the Internet, meaning without some other secure form of authentication currently employed by the Institution.
    2. The Institution must provide the exact URL of the page in which the search box is embedded.
    3. The referrer URL must be static. We do not support referrer URLs with wildcard matching.
  4. IP Authentication:
    IP Authentication provides access to the Visual Thesaurus based on a range of IP addresses that identifies your institution's computers from the outside world.

    Requirements:

    1. The subscription must be a site license for a population of 500 or more, or a concurrent license for 5 users or more.
    2. The Institution must not meet the requirements for either Server Referrer Key or Client Referrer URL Authentication.
    3. You must have a range of IP addresses that only represent computers within your Institution. Only licensed users should have access to these computers.
    4. You cannot have Dynamic IP addresses (such as those provided by an Internet Service Provider).
    5. The number of IP addresses must be roughly commensurate with the size of your population.
  5. Additional Logins:
    If you decide to use this form of authentication, you will set up a number of additional logins to share with all of your users. Each login is composed of an email address (e.g. vt@yourinstitution.org) and a password. You provide this login information to your population, and they can then access the Visual Thesaurus on the web at http://www.visualthesaurus.com/ .

    Requirements:

    1. Passwords must be changed on a semi-annual basis.
    2. You may not publish these logins in any publicly-accessible place.

Compliance Testing:

From time to time, we automatically audit our Institutional Subscriptions to ensure compliance with the above requirements. If we determine that unlicensed users can gain access to the Visual Thesaurus using one of the above authentication methods, we will notify you, and in certain cases, we may temporarily turn off one or more of your authentication methods until the problem is corrected.

If you have any questions about our authentication policy, please visit our support section and use the support wizard to let us know.